Driver and Firmware Servicing PowerShell Module

Its been just over a month since the announcement of Commercial Driver and Firmware Servicing by Microsoft. Since then I have been working on delivering this to businesses, and sometimes it can be a challenge to keep on top of all of the different graph endpoints that are required to keep the cogs turning. So, out of my own sanity saving idea, I pulled together a PowerShell Module (Driver.Firmware.Servicing) to help make the service a lot more consumable for admins.

Microsoft provided some great conceptual documentation on the service, but I wanted to make it a lot easier to consume. So, I have created a PowerShell Module that abstracts away the complexity of the Graph API, and provides a simple interface to manage the service. See the Microsoft documentation for more information on the service.

What is Driver and Firmware Servicing?

Let us quickly recap on what Driver and Firmware Servicing is. Utilising the Windows Update for Business Deployment Service (WUfBDS), Driver and Firmware Servicing is a service that allows you to manage the drivers and firmware that are deployed to your devices. It is available to commercial customers, with one of the following licencing SKUs.

  • Microsoft 365 E3 & E5
  • Microsoft 365 A3 & A5
  • Microsoft 365 Business Premium

What does the PowerShell Module do?

The PowerShell Module is designed to make the management of Driver and Firmware Servicing a lot easier. Behind the scenes it is using the Graph API to make the calls to the service, with the PowerShell Module abstracting away the complexity of the Graph API.

Where can I get the PowerShell Module?

As mentioned in the opening paragraph, the PowerShell Module is available from the PowerShell Gallery. You can install it by running the following command in PowerShell.

Install-module Driver.Firmware.Servicing #-MinimumVersion 1.0.0 is recommended

How do I use the PowerShell Module?

GitHub Resource

Whist I have also documented these on the GitHub repo (linked above), alongside the source code, I will also cover them here.

Create a new policy

#Create a deployment audience
$deploymentAudience = New-DeploymentAudience
#create a new automatic policy, deferring updates for 1 day
$policy = New-DriverUpdatePolicy -audienceID $deploymentAudience.id -policyType "Automatic" -deferralTime "P1D"

Add a device to a policy

#Array of Azure AD Device IDs
$deviceIDs = @("deviceID1","deviceID2")
#Explicitly Enrol the devices to the WUfBDS Driver Feature
Push-EnrollUpdateableAsset -deviceIDs $deviceIDs
#Add the devices to the deployment audience
Add-DeploymentAudienceMember -audienceID $deploymentAudience.id -azureDeviceIDs $deviceIDs

Get a list of applicable content

#Get a list of applicable content for the policy
Get-DriverUpdatePolicyApplicableContent -policyID $policy.id

Get a list of compliance changes & view update schedule

#Get a list of compliance changes for the policy
$complianceChanges = Get-DriverUpdatePolicyComplianceChange -policyID $policy.id
#View Update Schedule
$updateEntry = $complianceChanges | Where-Object {$_.content.catalogEntry.displayName -eq "Intel - System - 4/12/2017 12:00:00 AM - 14.28.47.630"}
$updateEntry.deploymentSettings.schedule

Add a Driver Update Approval

#Get the Update Catalog ID for the driver update.
$catalogID = (Get-DriverUpdatePolicyApplicableContent -policyID $policy.id | Where-Object {$_.catalogEntry.displayName -eq "Intel - System - 4/12/2017 12:00:00 AM - 14.28.47.630"}).catalogEntry.id
#Add the driver update approval and defer it for 2 days (Deferral time is set to 0 day in the policy)
Add-DriverUpdateApproval -policyIDs @($($policy.id),"PolicyID2") -catalogEntryID $catalogID -deferDays 2

Revoke a Driver Update Approval

#Get the Update Catalog ID for the driver update.
$catalogID = (Get-DriverUpdatePolicyApplicableContent -policyID $policy.id | Where-Object {$_.catalogEntry.displayName -eq "Intel - System - 4/12/2017 12:00:00 AM - 14.28.47.630"}).catalogEntry.id
#Revoke the driver update approval
Revoke-DriverUpdateApproval -policyIDs @($($policy.id),"PolicyID2") -catalogEntryID $catalogID

Update a Driver Update Deferral

#Update the deferral time for the policy
Update-DriverUpdatePatchDeferral -policyID $policy.id -deferralTime "P2D"

Conclusion

There are so many more things that you can do with the PowerShell Module, and I will be adding more functionality to it over time. If you have any suggestions, please let me know by using the discussions and issues tabs on the GitHub repo.

comments powered by Disqus